AppLNo. 10/683,542 

Amdt. Dated 12/22/2004 

Reply to Office action of 9/22/2004 

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims: 

Please cancel claims 1-18. 

Please add the following new claims, claims 37-76. 

37. (Currently Amended) An apparatus comprising: 

a configuration storage to store configuration settings to configure an access transaction 
generated by a processor having a first execution mode and a second execution mode, the configuration 
storage to store an execution mode identifier that is asserted as an execution mode signal to indicate the 
processor is operating in the first execution mode, the configuration settings including subsystem 
memory range settings, a memory base value, and a memory length value, a combination of at least the 
base and length values to th e configuration s e ttings to define a protected memory area in a memory 
external to the processor that is accessible to the processor in the first execution mode^and the 
configuration settings to define an un-protected memory area that is accessible to the processor in the 
second execution mode, wherein the processor in the second execution mode cannot access the protected 
memory area, the access transaction including access informatio n including a physical address : 

a protected memory zone in the protected memory are a defined by a subsystem memory range 

setting ; 

an un-protected memory zone in the un-protected memory area; and 

a memory zone access checking circuit coupled to the configuration storage to check the access 
transaction using at least one of the configuration settings and the access information to determine if the 
access transaction is valid and generating an access grant signal if the transaction is valid . 

38. (Previously Presented) The apparatus of claim 37 wherein the protected memory zone in 
the protected memory area includes at least one protected memory page. 

39. (Previously Presented) The apparatus of claim 38 wherein the at least one protected 
memory page includes an applet page. 
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40. (Previously Presented) The apparatus of claim 38 wherein the at least one protected 
memory page includes an OS nub page. 

41. (Previously Presented) The apparatus of claim 38 wherein the at least one protected 
memory page includes a processor nub page. 

42. (Canceled) 

43. (Currently Amended) The apparatus of claim [[42]] 37 further comprising an identifier 
that identifies a currently active protected memory zone and that the processor is operating in the first 
execution mode. 

44. (Previously Presented) The apparatus of claim 43 wherein determining if the access 
transaction is valid further comprises determining if the physical address is within the currently active 
protected memory zone and if the identifier is asserted. 

45. (Previously Presented) The apparatus of claim 43 wherein the multi-memory zone access 
checking circuit comprises a memory zone detector to detect if the physical address is within the 
currently active protected memory zone such that the memory zone detector generates a memory zone 
matching signal. 

46. (Previously Presented) The apparatus of claim 45 wherein the multi-memory zone access 
checking circuit further comprises an access grant generator coupled to the memory zone detector, the 
access grant generator generating an access grant signal if both the memory zone matching signal and 
identifier are asserted. 

47. (Currently Amended) A method comprising: 

configuring an access transaction generated by a processor having a first execution mode and a 
second execution mode; 

generating configuration settings that are stored in a configuration storage including an execution 
mode identifier that is asserted as an execution mode signal to indicate the processor is operating in the 
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first execution mode, the configuration settings further including subsystem memory range settings, a 
memory base value, and a memory length value, a combination of at least the base and length values to 
define a protected memory area in a memory external to the processor that is accessible to the processor 
in the first execution mode a and the configuration settings to define an un-protected memory area that is 
accessible to the processor in the second execution mode, wherein the processor in the second execution 
mode cannot access the protected memory area, the access transaction including access information 
including a physical address ; 

defining a protected memory zone in the protected memory are a defined by a subsystem memory 
range setting ; 

defining an un-protected memory zone in the un-protected memory area; and 
checking the access transaction using at least one of the configuration settings and the access 
information to determine if the access transaction is valid. 

48. (Previously Presented) The method of claim 47 wherein the protected memory zone in 
the protected memory area includes at least one protected memory page. 

49. (Previously Presented) The method of claim 48 wherein the at least one protected 
memory page includes an applet page. 

50. (Previously Presented) The method of claim 48 wherein the at least one protected 
memory page includes an OS nub page. 

5 1 . (Previously Presented) The method of claim 48 wherein the at least one protected 
memory page includes a processor nub page. 

52. (Canceled) 

53. (Currently Amended) The method of claim [[52]] 47 wherein an identifier is used to 
identify a currently active protected memory zone and that the processor is operating in the first 
execution mode. 
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54. (Previously Presented) The method of claim 53 wherein determining if the access 
transaction is valid further comprises determining if the physical address is within the currently active 
protected memory zone and if the identifier is asserted. 

55. (Previously Presented) The method of claim 53 further comprising detecting if the 
physical address is within the currently active protected memory zone such that a memory zone 
matching signal is generated. 

56. (Previously Presented) The method of claim 55 further comprising generating an access 
grant signal if both the memory zone matching signal and identifier are asserted. 

57. (Currently Amended) A machine-readable medium having stored thereon 
instructions, which when executed by a machine, cause the machine to perform the following 
operations comprising: 

configuring an access transaction generated by a processor having a first execution mode and a 
second execution mode; 

generating configuration settings that are stored in a configuration storage including an execution 
mode identifier that is asserted as an execution mode signal to indicate the processor is operating in the 
first execution mode, the configuration settings further including subsystem memory range settings, a 
memory base value, and a memory length value, a combination of at least the base and length values to 
define a protected memory area in a memory external to the processor that is accessible to the processor 
in the first execution mode a and the configuration settings to define an un-protected memory area that is 
accessible to the processor in the second execution mode, wherein the processor in the second execution 
mode cannot access the protected memory area, the access transaction including access information 
including a physical address ; 

defining a protected memory zone in the protected memory are a defined by a subsystem memory 
range setting ; 

defining an un-protected memory zone in the un-protected memory area; and 
checking the access transaction using at least one of the configuration settings and the access 
information to determine if the access transaction is valid. 
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58. (Previously Presented) The machine-readable medium of claim 57 wherein the protected 
memory zone in the protected memory area includes at least one protected memory page. 

59. (Previously Presented) The machine-readable medium of claim 58 wherein the at least 
one protected memory page includes an applet page. 

60. (Previously Presented) The machine-readable medium of claim 58 wherein the at least 
one protected memory page includes an OS nub page. 

61 . (Previously Presented) The machine-readable medium of claim 58 wherein the at least 
one protected memory page includes a processor nub page. 

62. (Canceled) 

63. (Currently Amended) The machine-readable medium of claim [[62]] 57 wherein an 
identifier is used to identify a currently active protected memory zone and that the processor is operating 
in the first execution mode. 

64. (Previously Presented) The machine-readable medium of claim 63 wherein determining if 
the access transaction is valid further comprises determining if the physical address is within the 
currently active protected memory zone and if the identifier is asserted. 

65. (Previously Presented) The machine-readable medium of claim 63 further comprising 
detecting if the physical address is within the currently active protected memory zone such that a 
memory zone matching signal is generated. 

66. (Previously Presented) The machine-readable medium of claim 65 further comprising 
generating an access grant signal if both the memory zone matching signal and identifier are asserted. 

67. (Currently Amended) A system comprising: 
a chipset; 
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a memory coupled to the chipset; 

a processor coupled to the chipset and the memory having an access manager, the processor 
having a first execution mode and a second execution mode, the processor generating an access 
transaction having access information, the access manager comprising: 

a configuration storage to store configuration settings to configure an access transaction 
generated by a processor having a first execution mode and a second execution mode, the configuration 
storage to store an execution mode identifier that is asserted as an execution mode signal to indicate the 
processor is operating in the first execution mode, the configuration settings including subsystem 
memory range settings, a memory base value, and a memory length value, a combination of at least the 
base and length values to th e configuration s e ttings to define a protected memory area in a memory 
external to the processor that is accessible to the processor in the first execution mode^and the 
configuration settings to define an un-protected memory area that is accessible to the processor in the 
second execution mode, wherein the processor in the second execution mode cannot access the protected 
memory area, the access transaction including access informatio n including a physical address ; 

a protected memory zone in the protected memory are a defined by a subsystem memory range 

setting ; 

an un-protected memory zone in the un-protected memory area; and 

a memory zone access checking circuit coupled to the configuration storage to check the access 
transaction using at least one of the configuration settings and the access information to determine if the 
access transaction is valid and generating an access grant signal if the transaction is valid . 

68. (Previously Presented) The system of claim 67 wherein the protected memory zone in the 
protected memory area includes at least one protected memory page. 

69. (Previously Presented) The system of claim 68 wherein the at least one protected memory 
page includes an applet page. 

70. (Previously Presented) The system of claim 68 wherein the at least one protected memory 
page includes an OS nub page. 
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71 . (Previously Presented) The system of claim 68 wherein the at least one protected memory 
page includes a processor nub page. 

72. (Canceled) 

73. (Currently Amended) The system of claim [[72]] 67 further comprising an identifier that 
identifies a currently active protected memory zone and that the processor is operating in the first 
execution mode. 

74. (Previously Presented) The system of claim 73 wherein determining if the access 
transaction is valid further comprises determining if the physical address is within the currently active 
protected memory zone and if the identifier is asserted. 

75. (Previously Presented) The system of claim 73 wherein the multi-memory zone access 
checking circuit comprises a memory zone detector to detect if the physical address is within the 
currently active protected memory zone such that the memory zone detector generates a memory zone 
matching signal. 

76. (Previously Presented) The system of claim 75 wherein the multi-memory zone access 
checking circuit further comprises an access grant generator coupled to the memory zone detector, the 
access grant generator generating an access grant signal if both the memory zone matching signal and 
identifier are asserted. 
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